This Approov integration example is from where the code example for the Approov token binding check quickstart is extracted, and you can use it as a playground to better understand how simple and easy it is to implement Approov in a Python FastAPI server.
To lock down your API server to your mobile app. Please read the brief summary in the Approov Overview at the root of this repo or visit our website for more details.
The Python FastAPI server is very simple and is defined in the file src/approov-protected-server/token-check/hello-server-protected.py. Take a look at the verifyApproovToken()
and verifyApproovTokenBinding()
functions to see the simple code for the checks.
For more background on Approov, see the Approov Overview at the root of this repo.
To run this example you will need to have installed:
From /src/approov-protected-server/token-binding-check
execute the following:
cp .env.example .env
Edit the .env
file and add the dummy secret to it in order to be able to test the Approov integration with the provided Postman collection.
First, you need to set the dummy secret in the src/approov-protected-server/token-check/.env
file as explained here.
Second, you need to install the dependencies. From the src/approov-protected-server/token-check
folder execute:
virtualenv venv
source venv/bin/activate
pip3 install -r requirements.txt
Now, you can run this example from the src/approov-protected-server/token-check
folder with:
uvicorn hello-server-protected:app --reload --port 8002
NOTE: If using python from inside a docker container add the option
--host 0.0.0.0
Next, you can test that it works with:
curl -iX GET 'http://localhost:8002'
The response will be a 401
unauthorized request:
HTTP/1.1 401 Unauthorized
date: Fri, 18 Mar 2022 18:01:01 GMT
server: uvicorn
content-length: 2
content-type: application/json
{}
The reason you got a 401
is because no Approoov token is provided in the headers of the request.
Finally, you can test that the Approov integration example works as expected with this Postman collection or with some cURL requests examples.
If you find any issue while following our instructions then just report it here, with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.
If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point: